by toyg
4266 days ago
"The courts" are basically a sieve (every newspaper hack learns this on his first day on the job), so you can count that one out very quickly. Manufacturers are only slightly better, and we've seen it with DigiNotar et al. That leaves the FBI/government, not exactly the strongest fort when it comes to public leaks. In that sense, Apple's marketing is right: the only person you should trust with the safety of your data is yourself. Also, if you allow firmware to reflash its keys, then you have a mechanism that again can be subverted (as well as what you point out). I think we've seen it with games that that sort of DRM doesn't work in the long run -- it's routinely cracked, but manufacturers don't care too much as long as it allows them time-windows long enough to make bank. Making it the basis of all data-handling in the land doesn't seem particularly smart.
Saying "it's not possible to build a secure backdoor" is a cop-out.
The truth is, we can build systems so that your data can be decrypted with either your key, or a master key. And we can build systems where the master key requires multiple coordinated parties.
Such systems can be used to implement secure backdoors, but only if we can trust those parties with the master keys to do their job properly.
That requires:
- Proper key security so their keys don't get exposed
- Proper access controls so that the keys are only used for the purpose for which they're intended.
The problem is that we know with complete confidence that all of the parties involved in that process will fail at one or both of those hurdles.
This isn't a technical problem. "Secure golden keys" are technically feasible, and not even particularly hard. It's simply an issue that there is no one that you ought to trust with such a key.
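As an added illustration (not part of either comment above), here is the scheme the comment describes in working code, assuming envelope encryption with one data key wrapped twice (user key and master key) and Shamir secret sharing so that the master key only exists when a quorum of parties cooperates; the SHA-256 keystream is a toy stand-in for a real AEAD. It makes the comment's point concrete: the master path is mathematically sound, and the only things protecting the data on that path are custody of the shares and whatever access control governs reconstruction.

```python
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime: Shamir shares live in GF(P); a 256-bit key fits below it

def split_secret(secret: int, n: int, t: int) -> list:
    """Split secret into n shares, any t of which reconstruct it (Shamir's scheme)."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P) for x in range(1, n + 1)]

def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0; fewer than t shares yield an unrelated value."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream (demo only: unauthenticated, each key used once)."""
    out = bytearray()
    for ctr in range(0, len(data), 32):
        block = hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[ctr:ctr + 32], block))
    return bytes(out)

def escrow_encrypt(plaintext: bytes, user_key: bytes, master_key: bytes) -> dict:
    """Envelope encryption: one random DEK, wrapped under the user key and under the master key."""
    dek = secrets.token_bytes(32)
    return {"ciphertext": keystream_xor(dek, plaintext),
            "dek_for_user": keystream_xor(user_key, dek),
            "dek_for_master": keystream_xor(master_key, dek)}

def decrypt_with(record: dict, key: bytes, wrapped_field: str) -> bytes:
    dek = keystream_xor(key, record[wrapped_field])  # unwrap the DEK, then decrypt the payload
    return keystream_xor(dek, record["ciphertext"])

def demo(t: int = 3, n: int = 5) -> tuple:
    """(user path works, quorum of t shares works, t-1 shares fail) on constructed sample data."""
    msg, user_key, master_key = b"constructed sample message", secrets.token_bytes(32), secrets.token_bytes(32)
    record = escrow_encrypt(msg, user_key, master_key)
    shares = split_secret(int.from_bytes(master_key, "big"), n, t)
    rebuilt = recover_secret(shares[:t]).to_bytes(32, "big")
    return (decrypt_with(record, user_key, "dek_for_user") == msg,
            decrypt_with(record, rebuilt, "dek_for_master") == msg,
            recover_secret(shares[:t - 1]) != int.from_bytes(master_key, "big"))
```

Any t shares (not just the first t) reconstruct the master key, so "multiple coordinated parties" here means any quorum of the share holders, not a fixed set.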